Privacy Policy
Last updated: 15 March 2026
1. Controller and contact
DirectHeader (“we”, “us”) operates https://www.directheader.com. For privacy and data protection enquiries, including data subject requests, contact us at [email protected].
2. Data we collect
When you use our website we may collect: (a) technical data (IP address, browser type, device information, pages visited); (b) data you provide in the contact form (name, email, company, message); (c) cookie and preference data where you have given consent. We do not collect special categories of personal data unless you voluntarily provide them.
3. Purposes and legal basis
We process your data to: operate and improve the website; respond to enquiries (legitimate interest or contract); send marketing only with your consent; and comply with legal obligations. Legal bases under GDPR: consent (cookies, marketing), legitimate interest (site operation, support), contract (where applicable), and legal obligation.
4. Storage and retention
Data is stored within the European Economic Area (EEA) where possible. We retain contact form submissions and correspondence as needed to fulfil your request and for legitimate business purposes, and for the period required by applicable law. Cookie and preference data are stored according to your consent settings.
5. Third-party sharing
We may share data with: (a) service providers that process data on our behalf (e.g. hosting, email delivery, form handling), under strict agreements; (b) authorities when required by law. We use Web3Forms for the contact form; their processing is governed by their privacy policy. We do not sell your personal data.
6. Data Processing Agreements (DPA)
Where we process personal data on behalf of a client (e.g. when building or maintaining a website that collects user data), we enter into a Data Processing Agreement that meets GDPR Article 28 requirements, including sub-processor controls and assistance with data subject rights and security.
7. Your rights (GDPR)
You have the right to: access your data; rectify inaccurate data; erasure (“right to be forgotten”); restrict processing; data portability; object to processing; and withdraw consent where processing is based on consent. You may lodge a complaint with a supervisory authority.
Data Subject Access / Deletion (DSAR)
To request access to your personal data, correction, or deletion, contact us at [email protected] with the subject “Data request” or “Deletion request”. We will respond within one month and will verify your identity before disclosing or deleting data.
8. Cookies
We use cookies only in line with your choices in our cookie banner (necessary cookies for operation; analytics, marketing, and preferences only with your consent). You can change your preferences at any time via the “Cookie settings” link in the footer.
9. Changes
We may update this policy from time to time. The “Last updated” date at the top will change. Continued use of the site after changes constitutes acceptance of the updated policy.
For questions in another language, contact us at [email protected].